A NEW TYPE of malware has been discovered that has managed to evade 50 out of 66 AV products it was tested on.
Researchers at Cupertino-based virtualised security company Bromium discovered a technique being used by hackers which they describe as ‘polymorphic’, attacking both primary and secondary executables.
The banking Trojan can evade detection and land in your inbox even when a virus scanner is in place.
Matt Rowen, a software engineer at Bromium, says this is a sign that hackers are getting more creative and devious:
“Historically, malware writers simply change the packaging or wrapper when they distribute malware. For instance, it might be a PDF or Word document, but the dropped malicious file inside could be weeks old and, as such, known to AV. Now we see the secondary executable is changing as well, so the malware is not recognized by AV.
“Worryingly, this shows that malware writers are really improving the standard of their engineering – that spells trouble for AV vendors, who will be forced into a whack-a-mole situation they can never win.”
Fraser Kyne, Chief Technology Officer for Bromium EMEA, warns that, having perfected this technique, the hackers could inspire copycats, which could in turn lead to implementations elsewhere, such as ransomware and cryptolockers.
Kyne argues that virtualisation is the best form of defence because it stops nasties getting through to the host machine, but his argument drifts into a rather thinly veiled advert for his company, so you can guess the rest.
The fact is that, assuming you’re the sort of person to fall for this kind of thing, it doesn’t really matter what the technique is: you’ll fall for it. The concern is that if AV software makes us lackadaisical, we might not be on the lookout for the obvious signs of something that isn’t as it should be.
Source: Inquirer